General

  • Target

    2025-05-15_7eb980a62275733e40d155af9cf0168e_elex_virlock

  • Size

    436KB

  • Sample

    250515-mrc4qatpt9

  • MD5

    7eb980a62275733e40d155af9cf0168e

  • SHA1

    53000ec131856c338ecff7d09371e6dffd44a786

  • SHA256

    465df9633083c15ae35f795d5992565302a1ae66bf0fa683162400ebc1aed5d7

  • SHA512

    9c2b03c6d62fad94abee9af27dcf14822076bc9e575015480e028f76d3857927e2343b6a495b19aa71148c67784066097c5a869a4a10271222c0c237bd4fb0d6

  • SSDEEP

    6144:v7rKoQSe+gX/bq1uiIxxXl/T36j3kLijpDnjK79LqnXOEam:hFe1UbI7l/jIkLijpDnjU9qnXham

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (86) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory